The User Administration Procedure has been designed to provide a unified guideline for creating, modifying or deleting user accounts from Company business systems. It provides guidelines to be followed for creating a user account, modifying access rights for a user account, reviewing active user accounts defined for each system and removing unnecessary user accounts.
Specific user administration procedures, detailing all the steps to be performed for user administration, must be developed by the information system custodian for each system and must be approved by the information system owner.
1.1 PROCEDURE OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. REQUIREMENTS FOR USER ADMINISTRATION
3.1 CREATING USER ACCOUNTS
3.2 MODIFYING ACCESS RIGHTS
3.3 REMOVING ACCESS RIGHTS
3.4 REVIEW OF USER ACCESS RIGHTS
3.5 PRIVILEGE MANAGEMENT
4.1 DEPARTMENT MANAGER
4.2 TECHNOLOGY SECURITY TEAM
4.3 SYSTEM OWNER
6. FINAL CONSIDERATIONS
6.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
6.2 DOCUMENT REVISION
The objective of the Vulnerability Alerts Procedure is to describe the vulnerability alerts process, which sets a consistent approach for the distribution, evaluation and follow-up of vulnerability alerts regarding Information Systems within IT environment.
The techniques of dual control and segregation of duties have to be implemented to enhance the control over activities wherever the risk and impact of an IT Security incident would likely result in financial or other material damage to the organization.